Crowd Directory Configuration parameters and when they come into effect

G'Day team,


We have been using Crowd (standalone server mode) for quite a while. We have an existing Directory with a population of about 300+ users. We are days away from enabling the following Crowd Directory parameters against this existing directory:
- Password Regex
- Max password attempts
- Password expiry
- Password history count

I would like to get confirmation that my understanding of the parameters AND rule to come into effect is correct. This is critical for us as we will base our end-user communication on this understanding.

1. Password regex: password setup policy that will come into effect in 2 cases: new user setup and password reset/change

2. Max password attempts: when entering an active account password, max number of tries before the account is flagged with attribute requiresPasswordChange = true.
The account remains active.
No specific notification or communication is given to the user about the fact that his account password must be changed.

3. Password expiry: time frequency at which an active account password must be changed.
The countdown starts either from the new account setup or last login time.
At expiry time, the account is flagged with attribute requiresPasswordChange = true.
The account remains active.
No specific notification or communication is given to the user about the fact that his account password must be changed.

4. Password history count: number of former passwords disallowed when resetting/changing password.

What is critical for me is to get your review and feedback on points 1., 2. and 3.
Are all my statements correct?

Many thanks for your review and reply.
Cheers, Fred

1 answer

0 votes
Ann Worley Atlassian Team Sep 13, 2017

Hi Fred,

Thanks for the detailed question. Here is the article I am basing my answers on: Configuring an Internal Directory

For 1, Password Regex is the regex pattern which new passwords will be validated against. That would apply to resetting passwords as well. So your statement is accurate.

2- Maximum Invalid Password Attempts: The maximum number of invalid password attempts before the authenticating account will be disabled. The account will not remain active as in your statement.

3- Password expiry is not a feature in Crowd exactly but we do have "Maximum Unchanged Password Days" which is the number of days until the password must be changed.

4- Password History Count does work as you stated: it is the number of previous passwords to prevent the user from using.

I look forward to any follow up questions.

Thanks,

Ann

Hi Ann,

Many thanks for replying to my post!

Points 1- and 4- : we're on the same page, so that's great.

Point 2- : if you test this very parameter, you will see that the actual user account is not disabled (i.e. the user details' Active check box remains ticked ON) but only the user's "requiresPasswordChange" attribute value changes from False to True.

Hence my question: is that the expected behaviour?

Point 3- : can you also confirm the following behaviours?

The countdown starts either from the new account setup or last login time.
At expiry time, the account is flagged with attribute requiresPasswordChange = true.
The account remains active.
No specific notification or communication is given to the user about the fact that his account password must be changed.

I am really thorough here as the behaviours are different from other Active Directory applications and therefore I must be precise in my communications to the end user base.

Many thanks in advance for your feedback,

Fred
